UPPMAX / irods

Project for implementing an iRODS infrastructure on UPPMAX / SciLifeLab

Direct access vault #5

Closed jhagberg closed 12 years ago

jhagberg commented 12 years ago

How should we handle direct file access to files that we still want to be handled by iRODS?

Should we dig into iRODS as root,

or still try the other way, with a non-root user owning every vault file and fiddling around with sticky bits and separate folders and resources?

brainstorm commented 12 years ago

Well, in general we should stick with the principle of least privilege:

http://en.wikipedia.org/wiki/Principle_of_least_privilege

That means that the second way should be preferred.

jhagberg commented 12 years ago

Yes, I agree. But I am not sure at this moment that it is the best solution.

Have you read this page: https://www.irods.org/index.php/Run_server_as_root

About the upcoming direct access vault.

brainstorm commented 12 years ago

Thanks for the pointer, Jonas! I still think we shouldn't run it as root until we see a crucial need for it.

For now I think we should focus on simple use cases. Could you please have a look at issue #6 and report back?

Thanks!

On 12 Dec 2011 at 13:42, jhagberg wrote:

Yes, I agree. But I am not sure at this moment that it is the best solution.

Have you read this page: https://www.irods.org/index.php/Run_server_as_root

About the upcoming direct access vault.

jhagberg commented 12 years ago

Yes, I agree. It is always best not to run things as root.

I will have a look.

Cheers

samuell commented 12 years ago

Jonas: I liked the way you had figured out to be able to at least read files directly, even though they are inside the vault, while still needing to iput files for any writing. ... Then one could implement some functionality for automatically retrieving the physical path to the file for reading, possibly in some kind of wrapper...

How was it, did you/we document this setup somewhere?

jhagberg commented 12 years ago

Hi

Check the internal page. I guess I never had time to finish the setup before I left, so it was still at the idea stage, with one practical real-life test.

The issue with that solution is that one user has access to a lot of different data, since the iRODS user needs to be the owner of all the files. If that user is compromised, it has access to a lot of important data.

The idea of the direct access vault is, I guess, that the root user has superpowers and can simply force the users to not be able to change the files on disk, while they are still the owners of the files. We still have the same problem if the root user gets compromised.

If something goes wrong with iRODS, we have the same problem whether the user is root or the user is iRODS, since having irods as owner of all files is the same as root in principle.

But if bad code is injected into iRODS, the iRODS user can do a lot less damage than the root user. So in that way it is of course better not to run as root.

So in this case there are more cons to running as the iRODS user than there are cons to using root.
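The "non-root owner" option discussed in this thread (the iRODS service user owns every vault file, project members get read-only direct access through the group, and all writes go through iput) can be checked on disk. The script below is an added example, not code from the UPPMAX/irods project; the owner and group names are assumptions to be replaced with the site's own.

```shell
#!/bin/sh
# Added example (not from the UPPMAX/irods project): lay out a vault directory
# for the non-root owner option, and audit that nothing under it is writable
# by anyone but the owning service user. Group or world write bits would let a
# direct-access user modify vault files behind iRODS's back.

# vault_layout DIR OWNER GROUP
# Creates DIR, sets owner/group (needs root; skipped otherwise), and uses
# 2750: owner rwx, group rx, other none, setgid so new subdirs inherit GROUP.
vault_layout() {
    dir=$1; owner=$2; group=$3            # OWNER/GROUP are assumed site values
    mkdir -p "$dir" || return 1
    chown "$owner:$group" "$dir" 2>/dev/null || true
    chmod 2750 "$dir"
}

# vault_audit DIR
# Returns 0 if no entry under DIR is group- or world-writable, 1 otherwise,
# listing the offending paths on stderr. -perm -020 / -002 are POSIX octal
# forms for "group write bit set" / "other write bit set".
vault_audit() {
    dir=$1
    bad=$(find "$dir" \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf 'writable by group/other:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# vault_fix DIR
# Strips group and other write bits under DIR; symbolic modes leave the
# setgid bit on directories intact.
vault_fix() {
    find "$1" -type d -exec chmod g-w,o-w {} +
    find "$1" -type f -exec chmod g-w,o-w {} +
}
```

Run vault_audit from cron against each resource vault; a non-zero exit means a file became writable outside iRODS and vault_fix (or an investigation) is due.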

brainstorm commented 12 years ago

At this point I guess a decision has been taken on this (which user to run as):

https://github.com/UPPMAX/irods/wiki/iRODS-as-super--user-root

Therefore, should we close this?

jhagberg commented 12 years ago

Closing